{
    title:  'Request Routing',
    crumbs: [
        { "User's Guide": '../users/' },
    ],
}
            <h1>Request Routing</h1>
            <a id="overview"></a>
            <h2>Overview</h2>
            <p>GoAhead includes a powerful request routing engine that manages how client HTTP requests are processed. 
            The router is configured with a set of routes from a configuration file called <i>route.txt</i>. This
            file is loaded when GoAhead starts. When a request is received, the router tests various routes and selects
            the best route to handle the request. In the process, routes may redirect or rewrite the request 
            as required.</p>
            <img src="../images/routing.jpg" alt="routing" class="centered" />
            <p>A GoAhead configuration will typically have many routes. The configured routes 
            are tested in-order by matching the route URI pattern against the request URL. 
            A route may require that further preconditions be met before it is suitable to process the
            request. If the required conditions are not met, the next route in the configuration will be tested. There 
            is always a catch-all route that will process the request if all prior routes fail to qualify.</p>
            <a id="configuration"></a>
            <h2 >Route Configuration</h2>
            <p>Routes are defined in the <i>route.txt</i> configuration file via a series of route directives. For 
            example:</p>
<pre class="ui code segment">
route uri=/cgi-bin dir=cgi-bin handler=cgi
route uri=/action handler=action
route uri=/ extensions=jst,asp handler=jst
route uri=/ methods=OPTIONS|TRACE handler=options
</pre>
            <p>Each line defines a new route. While route directives may have many optional parameters, every route will
            have a <i>uri</i> keyword that defines a URI prefix that qualifying requests must begin with. 
            If a client request has a URI that does not being with the route URI prefix, then the route will 
            be skipped.</p>
            <h3>Route Ordering</h3>
            <p>When multiple routes are defined in the configuration file, the router will test each route 
            in the order in which they are declared in the configuration file. So ordering is very important. 
            For routes with similar leading characters, define the route with the longer URI first in the 
            route.txt file.</p>
            <a id="keywords"></a>
            <h2 >Route Keywords</h2>
            <p>A route directive is comprised of a collection of keyword=value pairs. All routes must have a <i>uri</i> 
            keyword, other keywords are optional. Here are the supported route keywords:</p>
            <a name="abilities"></a>
            <h3>abilities</h3>
            <p>The <i>abilities</i> keyword specifies the required user abilities to access resources described by
                this route. Multiple abilities are separated using comma. If multiple abilities are specified, all the
            abilities are required. For example: </p>
            <pre class="ui code segment">route uri=/auth/basic/ auth=basic <b>abilities=create,edit,view</b></pre>
            <p>To activate testing the user's abilities, an <i>auth</i> keyword must be specified to enable 
            user authentication and authorization. 
            See <a href="authentication.html">User Authentication</a> for more information.</p>
            <a name="auth"></a>
            <h3>auth</h3>
            <p>The <i>auth</i> keywords specifies the authentication scheme to use. Authentication is the 
                process of asking for the users's name and password and then validating those credentials and
                determining the user's authorized abilities. Supported authentication schemes are:
                <i>basic</i> for Basic authentication, <i>digest</i> for Digest authentication and
                <i>form</i> for web-form based authentication. </p>
            <p>If the user's credentials cannot be authenticated, the user is redirected to a new URI specified
            by the <i>redirect</i> keyword. When authentication fails, GoAhead responds with a HTTP 401 status code
            which means unauthorized access. A redirect keyword with a 401 status code will specify the 
            redirection target when authentication fails. For example:</p>
            <pre class="ui code segment">route uri=/ <b>auth=form</b> handler=continue redirect=401@/pub/login.html</pre>
            <p>The required abilities are specified by the <a href="#abilities">abilities</a> keyword.
            See <a href="authentication.html">User Authentication</a> for more information.</p>
            <h3>dir</h3>
            <p>The <i>dir</i> keyword defines the filesystem directory containing documents for this route. This overrides
            the default documents directory. If the client is requesting a physical document, the request URI path is
            appended to this directory to locate the file to serve.</p>
            <h3>extensions</h3>
            <p>The <i>extensions</i> keyword specifies the set of valid filename extensions for documents served
            by this route. For example:</p>
            <pre class="ui code segment">route uri=/ <b>extension=cgi|fcgi|mycgi</b> handler=cgi</pre> 
            <p>This will use the CGI handler for any documents with the extensions: cgi, fcgi or mycgi.</p>
            <h3>handler</h3>
            <p>The <i>handler</i> keyword specifies the GoAhead handler that will be responsible for generating
            the response. If unspecified, it defaults to the <i>file</i> handler. Valid handler names include:
            action, cgi, file, jst, options and redirect.</p>
            <h3>methods</h3>
            <p>A route can define the a set of acceptable HTTP methods.  Multiple methods should be separated by
            <i>|</i>. For example: </p>
            <pre class="ui code segment">route uri=/put/ <b>methods=PUT|DELETE</b></pre>
                <p>The standard HTTP methods are: DELETE, GET, OPTIONS, POST, PUT and TRACE. </p>
            <h3>protocol</h3>
            <p>A route can be restricted to a specific protocol such as HTTP or HTTPS via the protocol keyword.
            For example, this route will only apply to SSL requests:</p>
            <pre class="ui code segment">route uri=/ <b>protocol=https</b></pre>
            <h3>redirect</h3>
            <p>The <i>redirect</i> keyword specifies target URIs to which the client will be redirected based on
                the response HTTP status code. The format of the <i>redirect</i> keyword value is: 
                <i>redirect=STATUS@URI</i>,
                where STATUS is a valid HTTP status code and URI is a valid target destination URI. For example:</p>
            <pre class="ui code segment">route uri=/old-content/ <b>redirect=404@/upgrade-message.html</b></pre>
            <p>Unlike other keywords, multiple redirect keywords with different status values
                can be present in a single route.  </p> 
            <h3>uri</h3>
            <p>The <i>uri</i> keyword is mandatory for all routes and defines the URI prefix for matching requests.
            All requests URIs that begin with the specified <i>uri</i> value will match. It is good practice to 
            include a trailing <i>/</i> to match directories. For example:</p>
            <pre class="ui code segment">route <b>uri=/confidential/</b> auth=form abilities=top-secret</pre>
            <h3>Keyword Value Separators</h3>
            <p>Some keyword values may contain multiple values (abilities, extensions, methods). In these cases, 
            values are separated using either "|" or ",".  While both separators are valid, the convention is to
            use "," when all the specified values are required, and to use "|" is used when only one of the specified 
            values is required.  Specifically, abilities should be separated by "," and extensions and methods should be
            separated by "|".</p>
            
            <a id="processing"></a>
            <h2 >Route Processing</h2>
            <p>To process a request, the GoAhead route engine examines each of the configured routes to determine the 
            best matching route for a request. It does this by considering each route in the order they are defined in
            the configuration file. Each route is tested over a sequence of steps. If a route fails to match at a step, the
            route is discarded and the next route is considered.</p>
            <h3>Routing Steps</h3>
            <ol>
                <li><a href="#step-protocol">Protocol Matching</a> &mdash; Test if the request protocol matches.</li>
                <li><a href="#step-method">Method Matching</a> &mdash; Test if the request method matches.</li>
                <li><a href="#step-extension">Extension Matching</a> &mdash; Test if the request extension matches.</li>
                <li><a href="#step-uri">URI Matching</a> &mdash; Test if the request URI matches the route URI.</li>
            </ol>
            <a id="step-protocol"></a>
            <h3>Protocol Matching</h3>
            <p>Protocol matching is an optional step. Routes can be configured to match a specific protocol, 
            either http or https. By default a route supports all protocols.</p>
            <a id="step-method"></a>
            <h3>Method Matching</h3>
            <p>Method matching is an optional step. Routes can be configured to only match certain HTTP methods. 
            Method matching tests the actual request HTTP method against the supported route methods.
            By default a route supports all methods.</p>
            <a id="step-extension"></a>
            <h3>Extension Matching</h3>
            <p>Extension matching is an optional step. Routes can be configured to only match certain filename
            extensions. Extension matching tests the actual request filename against the supported route extensions.
            By default a route supports all extensions.</p>
            <a id="step-uri"></a>
            <h3>URI Matching</h3>
            <p>URI matching is a mandatory stop. The route URI is tested against the start of the request URI.</p>
            <a id="examples"></a>
            <h2 >Route Examples</h2>
            <h3>Redirecting Requests</h3>
            <p>To redirect requests for old documents to newer versions:</p>
<pre class="ui code segment">
route uri=/oldfile.html redirect=/newfile.html
</pre>
            <h3>Redirecting HTTP to SSL</h3>
            <p>To redirect all traffic over SSL:</p>
<pre class="ui code segment">
route uri=/ protocol=http redirect=https
</pre>
            <h3>Controlling Access with Digest Authentication</h3>
            <p>To secure private content via Digest Authentication:</p>
<pre class="ui code segment">
route uri=/ auth=digest
</pre>
            <h3>Enable the TRACE and OPTIONS methods</h3>
            <p>The TRACE and OPTIONS methods are disabled by default to enhance security.
            These methods should not be enabled for all routes. To selectively enable:</p>
<pre class="ui code segment">
route uri=/partition/ methods=OPTIONS|TRACE handler=options
</pre>
            <h3>Define a New Extension</h3>
            <p>To ensure that requests for content with given file extensions are handled
            by a specific handler, you can use the <i>extensions</i> and <i>handler</i> keywords:</p>
<pre class="ui code segment">
route uri=/ extensions=jst,asp handler=jst
</pre>
            <h3>Catch-All Route</h3>
            <p>If all prior routes file to match a request, a catch-all route can be used to respond universally.</p>
            <pre class="ui code segment">route uri=/</pre>
            <p>Note: if the handler is not specified, the <i>file</i> handler is used.</p> 
